Garbage collect expired ports
2011-04-01 accessibility/linux-f8-atk: End of Life since Jan 7, 2009
2011-04-01 archivers/linux-f8-ucl: End of Life since Jan 7, 2009
2011-04-01 archivers/linux-f8-upx: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-alsa-lib: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-arts: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-esound: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-freealut: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libaudiofile: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libogg: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libvorbis: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-mikmod: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-nas-libs: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-openal: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-sdl_mixer: End of Life since Jan 7, 2009

Bump portrevision due to upgrade of devel/gettext.
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)

Update PostgreSQL to 7.3.19, 7.4.17, 8.0.13, 8.1.9 and 8.2.4 respectively:
The PostgreSQL Global Development Group has released updated versions
for PostgreSQL 8.2 and all back versions to patch a privilege
escalation exploit in SECURITY DEFINER functions. All users of this
feature are urged to update to the latest minor version and follow
instructions on securing these functions as soon as possible. This
minor release also contains other fixes, so all users should plan to
deploy it.
Once you have updated, additional steps are required to secure your
database against the exploit. Please read the release notes at
http://www.postgresql.org/docs/8.2/static/release.html and the
TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how
to lock down your security definer functions, if you use them.

Update PostgreSQL with, amongst other things, a security fix:
A vulnerability allows suppressing the normal checks that a SQL
function returns the data type it's declared to do. These errors can
easily be exploited to cause a backend crash, and in principle might
be used to read database content that the user should not be able to
access. [CVE-2007-0555]
The release includes a set of other fixes as well. Please see the
release information at
http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-18
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555

Update postgresql to 8.2.1, 8.1.6, 8.0.10, 7.4.15 and 7.3.17.
Release notes:
http://www.postgresql.org/docs/7.3/static/release.html#RELEASE-7-3-17
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-15
http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-10
http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-6
http://www.postgresql.org/docs/8.2/static/release-8-2-1.html
The server-side utilities of postgresql (initdb, initlocation,
ipcclean, pg_controldata, pg_ctl, pg_id and pg_resetxlog) are now
installed by the respective postgresql*-server port (previously they
where installed with the client). If you update the client, you should
also update the server to make sure you are not left without the
server-side tools. Do something like:
portupgrade postgresql-client postgresql-server

Update all PostgreSQL to fix a security flaw
The PostgreSQL Global Development Group today released versions 8.1.4, 8.0.8,
7.4.13 and 7.3.15. This is an urgent update to close a security hole which
can permit a SQL injection attack on some applications running PostgreSQL.
Users are urged to apply the update as soon as reasonably possible. Since the
update affects client functionality, most driver projects will be updating
this week as well.
Because the security issue involved is complex, we have added a section in
Techdocs to explain it: http://www.postgresql.org/docs/techdocs.52. Please
read this first before applying the updates.
Also, fix rc_subr startup problems on FreeBSD-7.x.
Security: http://www.postgresql.org/docs/techdocs.50
PR: ports/95154

Update postgresql with latest patch release.
A critical fix repairs an error in ReadBuffer that can cause data loss
due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Note that this update might require a reindex of textual columns under
certain conditions; please see UPDATING.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto

Handle a change in rc.subr. nowadays, "faststart" is used instead of
"start" when booting, since there's no need waste time checking for
running processes when the OS is starting up.
Bumping portrevision.
PR: 90884
Submitted by: Victor Snezhko <snezhko@indorsoft.ru>

Let postgresql (libpq.so) only link with the Kerberos implementations
installed from ports. The base heimdal distribution installs libraries
that have no depenency information. While this is quite correct, it
means that each library that links with libpq.so must also know if
libpq.so is linked with libkrb.so et al. Problem is, there's no good
way to get this information (pg_config has a --libs option starting at
version 8.1) and all ports using postgresql must be changed to make it
possible to link with a libpq.so that was configured to use the
Kerberos implementation installed in /usr by default. Hence, we
require one of the ports (heimdal or krb5) if postgresql is to be
linked with Kerberos. At least for now, until we can fix this in some
better way.
Also, if MIT Kerberos (security/krb5) is installed, users should
ideally remove the base heimdal installation so linkers will not pick
it up in preference to the krb5 libs (base heimdal has higher version
numbers than krb5 port).
PR: 80869, 88098, 85178

Update to version 7.3.11
Migration to version 7.3.11
A dump/restore is not required for those running 7.3.X. However, if you
are upgrading from a version earlier than 7.3.10, see the release notes
for 7.3.10.
__________________________________________________________________
Changes
* Fix error that allowed "VACUUM" to remove ctid chains too soon, and
add more checking in code that follows ctid links
This fixes a long-standing problem that could cause crashes in very
rare circumstances.

Update PostgreSQL to latest versions. For details on the fixes,
please see the HISTORY file included in the Release, but a summary
consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function
results
* Repair race condition between relation extension and VACUUM
This could theoretically have caused loss of a page's worth of
freshly-inserted data, although the scenario seems of very low
probability. There are no known cases of it having caused more than
an Assert failure.
Security: http://www.postgresql.org/about/news.315

Fixing problems with the recent security patch: When bison was not
installed, the patched gram.y file would not be used and the security
patch would be a no-op. Also, I've had reports of compilation errors
related to bison.
Since checking for the correct version of bison is hard and error
prone, I'm doing what the postgresql distribution does - patching the
yacc:ed .c file to get rid of the building dependency.
Bumping portrevision of -server.
Pointy hat to: me
Noticed by: Mike Harding and others
Security:
http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by: seanc (implicit)

Fix security alert using a patch from PostgreSQL's CVS repository:
Prevent overrunning a heap-allocated buffer if more than 1024
parameters to a refcursor declaration are specified. This is a
minimally-invasive fix for the buffer overrun.
Define LATEST_LINK to avoid package name clashes between the different
branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to
branch 7.4, keep its LATEST_LINK to a generic value.)
Set UNIQUENAME and let it be the same for server & client, so each
branch's ports will share the same options file. This adds some no-op
knobs to the -client port, but IMO it is better this way.
Add space inside paranthesis in OSVERSION conditional to work around

In order to address a potential security hole recently identified with
the "LOAD" option, the PostgreSQL Global Development Group is
announcing the release of new versions of PostgreSQL.
Update to 7.3.9, 7.4.7 & 8.0.1.
Take the opportunity to reset PORTREVISION of slave ports.
Back out name change of startup script. The new script uses rc.subr(8),
and as such also uses rcorder(8). But, rcorder does not exist in FreeBSD
4.x. Hence rename the script it back to the top of the directory
list. [1]
The periodic script should of course be executable. [2]
[1] Noted by Niels Chr. Bank-Pedersen <ncbp at bank-pedersen dot dk>
[2] Noted by Fritz Heinrichmeyer <fritz.heinrichmeyer at fernuni-hagen dot de>

Split the postgresql ports into a server and a client part. The
following knobs can be used by ports depending on PostgreSQL:
# USE_PGSQL - Add PostgreSQL client dependency.
# If no version is given (by the maintainer via the port or
# by the user via defined variable), try to find the
# currently installed version. Fall back to default if
# necessary (PostgreSQL-7.4 = 74).
# DEFAULT_PGSQL_VER
# - PostgreSQL default version. Can be overridden within a port.
# Default: 74.
# WANT_PGSQL_VER
# - Maintainer can set an arbitrary version of PostgreSQL by
# using it.
# BROKEN_WITH_PGSQL

PR ports/75344 - This needs testing and an probably experimental
build, so it will not be out the door before the ports freeze.
Meanwhile, modify BROKEN text to something more informative.
Approved by: ade (mentor)

Another step along the road to the postgresql new world order.
Note that none of these ports are (yet) hooked into the tree,
and will not compile unless you set a specific environmental
variable. This should be warning enough to leave well alone
for now :)
Submitted by: maintainer